The recent data breach at Cook County Health potentially exposed personal information of over 1.2 million patients, raising questions about healthcare data security. Perry Johnson & Associates (PJ&A), a medical transportation firm, reported an unauthorized individual accessing patient data in its systems in April, informing Cook County Health of this event in July according to CBS News.
Affected data include patient names, birthdays, addresses, medical record numbers, encounter codes, medical information, and service dates and times. Social Security numbers of an estimated 2,600 patients could also have been exposed as reported by CBS News. Cook County Health has since terminated its contract to, and stopped sharing patient data with PJ&A.
As per ID Strong, Chicago healthcare providers are increasingly becoming cyberattack targets, with Cook County Health being the latest victim. The breach at PJ&A exposed multiple patient records, therefore, making those affected susceptible to identity and medical fraud, although the exact nature and intention of the breach remains unknown.
In April 2023, PJ&A discovered the breach and then informed Cook County Health in July 2023, ultimately suggesting that patient data may have been compromised per ID Strong. Post info, Cook County Health ended its contract with the transcription service, and PJ&A provided a list of impacted patients on October 9th.
Despite Cook County Health’s assurance that no misuse of personal information has been identified, affected individuals should monitor medical bills, looking for suspicious activity. The healthcare provider is notifying patients, offering protection tips, and providing credit report monitoring and freezing information, as required as detailed by CBS News.
Free credit monitoring and identity protection services are being provided to those patients whose Social Security numbers may have been involved. As mentioned by ID Strong, affected individuals should proactively guard against identity theft and fraud by immediate credit and identity monitoring services enrollment, and requesting an Explanation of Benefits every six months to verify listed services.
With Cook County Health’s recent breach, questions are raised about patient data security, on a national scale. Every healthcare providers who are entrusted with sensitive patient information must ensure effective protective measures are in place to prevent such breaches. As seen with Cook County Health, even third-party service providers can be vulnerable, highlighting the need for comprehensive security measures across the entire healthcare industry.
